kenprogrammer's avatar

Passport: Client Credentials Grant Tokens or Personal Access Tokens to authenticate 3rd party apps?

I am developing a payment gateway like Stripe (it uses our local mobile money transfer) which other developers can integrate with their e-commerce websites or apps. Which is the most suitable OAuth2 method to authenticate 3rd party apps: Client Credentials Grant Tokens or Personal Access Tokens?

Any humble opinions will be highly appreciated.

0 likes
2 replies
martinbean's avatar
Level 80

@kenprogrammer The client credentials grant type is for server-to-server communication. Personal Access Tokens are where a user generates a token themselves to use with an API, similar to what GitHub offers.

Stripe doesn’t use OAuth. Instead, it uses a publishable key to identify developers making client-side requests, and a secret key when making server-side requests.

1 like
kenprogrammer's avatar

Thanks for the clarification. One more question, please. Consider a back-office rental management system which enables rental agencies to manage tenants, properties, landlords, rent payments, etc. Now I want to provide a website/portal to help an agency publish and advertise vacant properties. Let's assume the website is built with NuxtJS. How will the NuxtJS app authenticate with the system APIs to query properties, since there's no login required to generate access tokens?
